Intrusion prevention appliances have been widely available in the last few years. Published U.S. patent application Nos. 20030004688, 20030004689, 20030009699, 20030014662, 20030204632, 20030123452, 20030123447, 20030097557, and 20030041266 disclose systems, methods and techniques that primarily focused on content, header and state anomaly based intrusion prevention with little or no emphasis on adaptive rate anomalies. These prior systems find rate anomalies using either a profile based approach or fixed thresholds.
As one skilled in the art knows, internet attacks have been growing in complexity and have been more wide-spread due to a variety of readily available attack toolkits. To protect critical resources, a new intrusion prevention method and system is therefore necessary to thwart attacks on these fronts at line-speeds available today. The present invention addresses this need.